英文:
Google Cloud Console shows Client is unauthorized to retrieve access tokens using this method in python
问题
I saw so many questions related to this GCP issue, none of it helped. I have created a service account and added it to "Manage Domain-wide delegation" with scopes. But I still get this error Client is unauthorized to retrieve access tokens using this method or client not authorized for any of the scopes requested.
以下是代码部分:
from google.oauth2 import service_account
SCOPES = [
"https://www.googleapis.com/auth/admin.directory.user",
"https://www.googleapis.com/auth/admin.directory.domain.readonly",
"https://www.googleapis.com/auth/gmail.readonly",
"https://www.googleapis.com/auth/gmail.send",
"https://www.googleapis.com/auth/gmail.insert",
"https://www.googleapis.com/auth/gmail.settings.sharing",
]
SERVICE_ACCOUNT_FILE = '/PATH/TO/FILE/credentials.json'
credentials = service_account.Credentials.from_service_account_file(
SERVICE_ACCOUNT_FILE, scopes=SCOPES, )
delegated_credentials = credentials.with_subject('email')
service = build('admin', 'directory_v1', credentials=delegated_credentials)
def main():
print("Getting the first 10 users in the domain")
results = (
service.users()
.list(customer="customer_id", maxResults=10, orderBy="email")
.execute()
)
users = results.get("users", [])
print(users)
希望这可以帮助你解决问题。
英文:
I saw so many question relating to this GCP issue, none of it helped. I have created service account and added to "Manage Domain-wide delegation" with scopes. But I still get this error Client is unauthorized to retrieve access tokens using this method or client not authorized for any of the scopes requested.
code is below:
from google.oauth2 import service_account
SCOPES = [
"https://www.googleapis.com/auth/admin.directory.user",
"https://www.googleapis.com/auth/admin.directory.domain.readonly",
"https://www.googleapis.com/auth/gmail.readonly",
"https://www.googleapis.com/auth/gmail.send",
"https://www.googleapis.com/auth/gmail.insert",
"https://www.googleapis.com/auth/gmail.settings.sharing",
]
SERVICE_ACCOUNT_FILE = '/PATH/TO/FILE/credentials.json'
credentials = service_account.Credentials.from_service_account_file(
SERVICE_ACCOUNT_FILE, scopes=SCOPES, )
delegated_credentials = credentials.with_subject('email')
service = build('admin', 'directory_v1', credentials=delegated_credentials)
def main():
print("Getting the first 10 users in the domain")
results = (
service.users()
.list(customer="customer_id", maxResults=10, orderBy="email")
.execute()
)
users = results.get("users", [])
print(users)
答案1
得分: 1
Delegation means impersonating another identity. What permissions does the identity in this line of code have credentials.with_subject('email')? The identity needs super administrator access to the relevant Google Workspace account.
Additionally, the user must have logged in at least once and accepted the Google Workspace Terms of Service.
英文:
Delegation means impersonating another identity. What permissions does the identity in this line of code have credentials.with_subject('email')? The identity needs super administrator access to the relevant Google Workspace account.
Additionally, the user must have logged in at least once and accepted the Google Workspace Terms of Service.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论